Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/4J0AwgazodpdSzKFzm43s5WUBHA.roa
File:                     4J0AwgazodpdSzKFzm43s5WUBHA.roa (raw, json)
Hash identifier:          TUGJKD7m4Ee/xt336s2XnbdiAe+MGpryYfYyxcmAZN0=
Subject key identifier:   E0:9D:00:C2:06:B3:A1:DA:5D:4B:32:85:CE:6E:37:B3:95:94:04:70
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       019745227E87BC12D67F57345411F532D000
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/4J0AwgazodpdSzKFzm43s5WUBHA.roa
Signing time:             Fri 06 Jun 2025 12:06:17 +0000
ROA not before:           Fri 06 Jun 2025 12:06:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6453
IP address blocks:        45.152.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:45:22:7e:87:bc:12:d6:7f:57:34:54:11:f5:32:d0:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jun  6 12:06:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e09d00c206b3a1da5d4b3285ce6e37b395940470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b6:1b:73:d1:4e:07:c3:39:d6:f6:a1:f1:9c:
                    94:46:d1:11:99:7c:e1:e9:ea:2c:44:c2:fc:78:6f:
                    d5:eb:a2:8e:1c:6c:7f:c7:dd:26:7a:d8:d6:1d:d3:
                    94:48:1a:c1:1d:f9:b3:78:51:47:c2:40:5d:74:08:
                    13:f3:b5:85:8a:c6:7c:13:b6:b0:e2:a6:05:42:a1:
                    06:cc:2c:5c:5b:27:80:88:e9:4b:b5:4b:11:f0:6a:
                    af:9c:48:98:88:62:05:df:77:d8:1e:c9:59:d2:d2:
                    68:b8:6e:d7:e8:98:5c:5b:25:7b:d2:93:6a:cb:3e:
                    15:0c:ab:95:7f:fb:bb:01:bb:1b:14:eb:c2:2e:45:
                    5e:17:dc:f7:70:c3:87:79:82:e9:1f:68:13:be:a6:
                    44:a9:24:21:6b:e0:9d:b0:6e:84:0a:23:3a:57:79:
                    b0:12:37:15:84:e9:ba:8e:8f:ae:b9:5c:98:a2:83:
                    8c:b2:ec:d6:cb:03:2b:a6:46:43:45:df:2f:cd:65:
                    53:20:5a:44:78:4e:67:e9:4a:14:f8:d7:a9:d1:3b:
                    c9:2b:20:77:99:49:23:9a:b7:68:de:5b:c2:02:78:
                    53:8c:b0:92:8c:55:41:76:54:60:76:68:99:ef:cc:
                    2b:53:20:15:c3:6f:18:55:a9:2e:13:cf:5e:86:64:
                    be:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:9D:00:C2:06:B3:A1:DA:5D:4B:32:85:CE:6E:37:B3:95:94:04:70
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/4J0AwgazodpdSzKFzm43s5WUBHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:61:58:9b:b1:bc:c5:c8:6e:a2:8c:33:cb:55:1c:19:8b:56:
         02:cc:41:6b:57:d6:7e:8f:91:bb:31:85:5e:c2:f8:b5:b3:e7:
         51:ca:0d:b6:20:58:7a:07:4f:6c:21:c9:5a:fc:56:3a:a7:e8:
         6d:6e:e1:ab:50:c5:2c:e2:51:67:dc:6e:3d:17:35:fb:38:70:
         0b:0d:36:c6:42:8a:10:1a:3d:03:cb:ff:fb:42:af:e1:a8:69:
         d3:6b:5a:0f:ad:d2:83:f4:f2:25:81:d0:01:bb:97:a8:77:97:
         89:7e:5c:43:94:59:78:27:c4:58:d0:51:8a:9c:6b:e9:e5:e9:
         3b:50:90:2d:d8:26:f9:83:99:d6:48:98:b9:fd:f1:6b:e6:09:
         07:79:45:ff:d5:71:9a:ec:03:6d:ee:be:40:f9:62:d2:e0:2d:
         60:c8:c8:e5:3c:5a:30:e5:c3:be:10:6f:8b:b6:e6:bd:61:36:
         cc:d6:e4:a0:05:55:e6:90:41:44:0a:5d:02:ac:fe:96:48:81:
         e1:ac:be:b9:0e:60:06:1d:0e:43:a9:09:42:74:43:ff:57:49:
         c3:f9:90:cc:58:92:35:fd:29:66:92:8e:43:cf:c9:b6:be:c6:
         07:45:dc:69:55:ec:3c:4b:46:83:65:55:aa:a5:c8:fb:12:34:
         17:a6:57:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdFIn6HvBLWf1c0VBH1MtAAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwNjA2MTIwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDlkMDBjMjA2YjNhMWRhNWQ0YjMyODVjZTZlMzdiMzk1OTQwNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7Ybc9FOB8M51vah8ZyURtERmXzh
6eosRML8eG/V66KOHGx/x90metjWHdOUSBrBHfmzeFFHwkBddAgT87WFisZ8E7aw
4qYFQqEGzCxcWyeAiOlLtUsR8GqvnEiYiGIF33fYHslZ0tJouG7X6JhcWyV70pNq
yz4VDKuVf/u7AbsbFOvCLkVeF9z3cMOHeYLpH2gTvqZEqSQha+CdsG6ECiM6V3mw
EjcVhOm6jo+uuVyYooOMsuzWywMrpkZDRd8vzWVTIFpEeE5n6UoU+Nep0TvJKyB3
mUkjmrdo3lvCAnhTjLCSjFVBdlRgdmiZ78wrUyAVw28YVakuE89ehmS+eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCdAMIGs6HaXUsyhc5uN7OVlARwMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvNEowQXdnYXpvZHBkU3pLRnptNDNzNVdVQkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZg4MA0G
CSqGSIb3DQEBCwUAA4IBAQBQYVibsbzFyG6ijDPLVRwZi1YCzEFrV9Z+j5G7MYVe
wvi1s+dRyg22IFh6B09sIcla/FY6p+htbuGrUMUs4lFn3G49FzX7OHALDTbGQooQ
Gj0Dy//7Qq/hqGnTa1oPrdKD9PIlgdABu5eod5eJflxDlFl4J8RY0FGKnGvp5ek7
UJAt2Cb5g5nWSJi5/fFr5gkHeUX/1XGa7ANt7r5A+WLS4C1gyMjlPFow5cO+EG+L
tua9YTbM1uSgBVXmkEFECl0CrP6WSIHhrL65DmAGHQ5DqQlCdEP/V0nD+ZDMWJI1
/Slmko5Dz8m2vsYHRdxpVew8S0aDZVWqpcj7EjQXple/
-----END CERTIFICATE-----